Configure TCP/IP on the RRAS Server
Applies To: Windows 7, Windows Server 2008 R2
Before you configure an RRAS server as a remote access server, you must configure the TCP/IP settings for the Internet or perimeter network interface and for the intranet interface.
Note
We recommend that you do not use automatic DHCP to configure a VPN server. Instead, either manually configure TCP/IP, or use DHCP with MAC address reservations to keep the TCP/IP configuration of the VPN server stable.
Configure the Internet interface of the VPN server with a default gateway. Configure the TCP/IP settings with a public IP address, a subnet mask, and the default gateway of either the firewall (if the VPN server is connected to a perimeter network) or an ISP router (if the VPN server is connected directly to the Internet). Do not configure a default gateway for the intranet interface. Doing so might cause conflicts with the default route that points to the Internet. The procedures in this topic describe how to configure Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) manually.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
Configuring TCP/IP on the VPN server
To configure IPv6 for the Internet interface
To configure IPv4 for the Internet interface
To configure IPv6 for the intranet interface
To configure IPv4 for the intranet interface
To configure IPv6 for the Internet interface
In Control Panel, under Network and Internet, click View network status and tasks.
In the Network and Sharing Center, click Change adapter settings.
In Network Connections, right-click the network adapter that you want to configure, and then click Properties.
Select Internet Protocol Version 6 (TCP/IPv6), and then click Properties.
Click Use the following IPv6 address.
In the boxes, type the IPv6 address, the subnet prefix length of the address (typically 64), and the IPv6 address of the default gateway on the attached link.
Type the IPv6 addresses of the DNS servers that support IPv6 (AAAA) host records.
Click Advanced to display the Advanced TCP/IP Settings dialog box.
If you need to add additional IPv6 addresses, on the IP Settings tab, under IP addresses, click Add. If there are multiple routers to other links connected on the attached link, under Default gateways, click Add, and then enter the addresses.
Click the DNS tab.
If you need to add additional DNS servers, click Add, and then enter the addresses.
To prevent the VPN server from dynamically registering the public IP address of its Internet (public) interface with an intranet DNS server, clear the Register this connection’s addresses in DNS check box. This check box is selected by default.
Click OK to close any open dialog boxes.
To configure IPv4 for the Internet interface
In Control Panel, under Network and Internet, click View network status and tasks.
In the Network and Sharing Center, click Change adapter settings.
In Network Connections, right-click the network adapter that you want to configure, and then click Properties.
Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
On the General tab, select Use the following IP address, and then type the IP address, subnet mask, and default gateway.
The IP address must be a public IP address assigned by your ISP. As an option, you can configure the VPN server with a private IP address but assign it a published static IP address by which it is known on the Internet. When packets are sent to and from the VPN server, a network address translation (NAT) device that is positioned between the Internet and the VPN server translates the published IP address to the private IP address.
When you configure a VPN connection, give your VPN servers names that can be resolved to IP addresses using DNS.
Click Advanced to display the Advanced TCP/IP Settings dialog box.
To prevent the VPN server from dynamically registering the public IP address of its Internet (public) interface with an intranet DNS server, on the DNS tab, clear the Register this connection’s addresses in DNS check box. This check box is selected by default.
To prevent the VPN server from registering the public IP address of its Internet interface with intranet WINS servers, on the WINS tab, select Disable NetBIOS over TCP/IP.
Click OK to close any open dialog boxes.
To configure IPv6 for the intranet interface
In Control Panel, under Network and Internet, click View network status and tasks.
In the Network and Sharing Center, click Change adapter settings.
In Network Connections, right-click the network adapter that you want to configure, and then click Properties.
On the General tab, select Use the following IPv6 address, and then type the IPv6 address, subnet prefix length, and DNS server address.
Important
When you configure IPv6 for the intranet interface of the VPN server, do not configure the default gateway on the intranet connection. This will prevent default route conflicts with the default route pointing to the Internet.
- If you have additional IPv6 addresses or additional DNS servers to assign to this interface, click Advanced, and then add them to the IP Settings or DNS tabs, as appropriate.
To configure IPv4 for the intranet interface
In Control Panel, under Network and Internet, click View network status and tasks.
In the Network and Sharing Center, click Change adapter settings.
In Network Connections, right-click the network adapter that you want to configure, and then click Properties.
On the General tab, select Use the following IP address, and then type the IPv4 address, subnet mask, and DNS server address.
Important
When you configure IPv4 for the intranet interface of the VPN server, do not configure the default gateway on the intranet connection. This will prevent default route conflicts with the default route pointing to the Internet.
Click Advanced to display the Advanced TCP/IP Settings dialog box.
On the WINS tab, configure the IP addresses of your WINS servers.